From 1be77ec64675cacc3acaf8a75e5eb2339c86af24 Mon Sep 17 00:00:00 2001 From: Greg Hudson Date: Thu, 22 Sep 2011 16:20:13 +0000 Subject: [PATCH] Improve mk_safe/mk_priv cleanup slightly In both functions, initialize outbuf on error, and avoid putting pointers into it before we reach the successful return stage. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25225 dc483132-0cff-0310-8789-dd5450dbe970 --- src/lib/krb5/krb/mk_priv.c | 11 +++++++---- src/lib/krb5/krb/mk_safe.c | 17 +++++++++-------- 2 files changed, 16 insertions(+), 12 deletions(-) diff --git a/src/lib/krb5/krb/mk_priv.c b/src/lib/krb5/krb/mk_priv.c index 6d87d05d6..62c99340f 100644 --- a/src/lib/krb5/krb/mk_priv.c +++ b/src/lib/krb5/krb/mk_priv.c @@ -114,6 +114,9 @@ krb5_mk_priv(krb5_context context, krb5_auth_context auth_context, krb5_error_code retval; krb5_key key; krb5_replay_data replaydata; + krb5_data buf = empty_data(); + + *outbuf = empty_data(); /* Clear replaydata block */ memset(&replaydata, 0, sizeof(krb5_replay_data)); @@ -191,7 +194,7 @@ krb5_mk_priv(krb5_context context, krb5_auth_context auth_context, if ((retval = mk_priv_basic(context, userdata, key, &replaydata, plocal_fulladdr, premote_fulladdr, - auth_context->i_vector, outbuf))) { + auth_context->i_vector, &buf))) { CLEANUP_DONE(); goto error; } @@ -203,10 +206,8 @@ krb5_mk_priv(krb5_context context, krb5_auth_context auth_context, krb5_donot_replay replay; if ((retval = krb5_gen_replay_name(context, auth_context->local_addr, - "_priv", &replay.client))) { - free(outbuf); + "_priv", &replay.client))) goto error; - } replay.server = ""; /* XXX */ replay.msghash = NULL; @@ -220,9 +221,11 @@ krb5_mk_priv(krb5_context context, krb5_auth_context auth_context, free(replay.client); } + *outbuf = buf; return 0; error: + krb5_free_data_contents(context, &buf); if ((auth_context->auth_context_flags & KRB5_AUTH_CONTEXT_DO_SEQUENCE) || (auth_context->auth_context_flags & KRB5_AUTH_CONTEXT_RET_SEQUENCE)) auth_context->local_seq_number--; diff --git a/src/lib/krb5/krb/mk_safe.c b/src/lib/krb5/krb/mk_safe.c index 428a5e892..145336557 100644 --- a/src/lib/krb5/krb/mk_safe.c +++ b/src/lib/krb5/krb/mk_safe.c @@ -137,6 +137,9 @@ krb5_mk_safe(krb5_context context, krb5_auth_context auth_context, krb5_error_code retval; krb5_key key; krb5_replay_data replaydata; + krb5_data buf = empty_data(); + + *outbuf = empty_data(); /* Clear replaydata block */ memset(&replaydata, 0, sizeof(krb5_replay_data)); @@ -217,7 +220,7 @@ krb5_mk_safe(krb5_context context, krb5_auth_context auth_context, sumtype = safe_cksumtype(context, auth_context, key->keyblock.enctype); if ((retval = krb5_mk_safe_basic(context, userdata, key, &replaydata, plocal_fulladdr, premote_fulladdr, - sumtype, outbuf))) { + sumtype, &buf))) { CLEANUP_DONE(); goto error; } @@ -229,26 +232,24 @@ krb5_mk_safe(krb5_context context, krb5_auth_context auth_context, krb5_donot_replay replay; if ((retval = krb5_gen_replay_name(context, auth_context->local_addr, - "_safe", &replay.client))) { - free(outbuf); + "_safe", &replay.client))) goto error; - } replay.server = ""; /* XXX */ replay.msghash = NULL; replay.cusec = replaydata.usec; replay.ctime = replaydata.timestamp; - if ((retval = krb5_rc_store(context, auth_context->rcache, &replay))) { - /* should we really error out here? XXX */ - free(outbuf); + /* should we really error out here? XXX */ + if ((retval = krb5_rc_store(context, auth_context->rcache, &replay))) goto error; - } free(replay.client); } + *outbuf = buf; return 0; error: + krb5_free_data_contents(context, &buf); if ((auth_context->auth_context_flags & KRB5_AUTH_CONTEXT_DO_SEQUENCE) || (auth_context->auth_context_flags & KRB5_AUTH_CONTEXT_RET_SEQUENCE)) auth_context->local_seq_number--; -- 2.26.2